Are you wondering how you can protect your online privacy and internal corporate information?
Recent headlines about government eavesdropping and security leaks of various online services only add to concerns you might already have had about viruses and other security issues.
There are many things you can do to protect sensitive information. (Please call us if the following suggestions sound complicated. These are easy to use, once they're set up for you. We're here to help.)
Here are 10 Do's and Don'ts:
- Do use strong encryption: If you are using Microsoft Exchange or Office 365 email, your email internal to your organization is already encrypted. NST offers email encryption to outside recipients at a very low cost (less than 10₵/day, per user) as an add-on to your email filtering service and it lets you choose settings so only sensitive emails are encrypted.
- Don’t connect to “open” WiFi (any connection that doesn’t require a password, e.g. Starbucks). This is an easy way for people to steal your online identity. Everything you send and receive over such connections can be captured and read by any motivated 12-year old using free downloaded software. (Instructions provided courtesy of YouTube: Search YouTube for “how to steal passwords” and see for yourself.)
- Do know your authorized connections at trade shows and seminars. Your competition is there, along with others who might have an interest in information from people in your industry. If the event organizer identifies their hotspot as “eventname1” don’t assume a hotspot named “eventname2” is legitimate. It could be a “man-in-the-middle” trap that records your information. Connections to private company networks, payment sites and financial institutions are encrypted and secure, once they are established. However interception is possible by a “man in the middle” if you initiate those connections through such a relay.
- Do browse the web securely, when at home or when you travel. Here's how:
- If you are a business client for NST, then we have implemented a firewall to secure your network and in most cases you can use it to remote-connect securely from anywhere else. When outside your organization’s internal (firewall-protected) network the connection from your laptop or tablet to that VPN is also encrypted. This stops “browser hijack” and other information-stealing attempts. Once connected you can also browse the Internet using the web browser in the Terminal Server (if we have implemented one for you) for even greater protection.
- If NST hasn’t implemented a Virtual Private Network (VPN) and Terminal Server for you, you can use a third-party VPN service, such as Witopia. This will keep your local connection encrypted and stops “browser hijack” and other information-stealing attempts. The VPN prevents your ISP from logging your online activity (they will see your connection to the VPN service but won't be able to read the traffic)
- Do be selective about what “apps” and plug-ins you load on your computer and mobile devices. Read the Terms of Service and License Agreements. The publishers count on the fact that most people’s eyes will glaze over the legalese, and that you will click “agree”. “FREE” is not free, and you are giving up privacy rights to your own information by using “free” software. This is true of Google, Facebook and other “legitimate” free (and even some paid) providers. They may capture, store and analyze all emails, texts, phone calls, search requests, page visits and clicks, documents, and track your locations.
- Do set your mobile devices and laptops to auto-lock, and encrypt the disks.
- Do ask NST about Mobile Device Management. It can help keep your corporate data separate from employees personal data, and protect both. NST can also help stop criminals from getting your data if the device is lost or stolen with remote-wipe capability.
- Do use iCloud, Skydrive, Google Drive, Drop Box and other synchronized cloud storage (if allowed by your organization's policies) for convenient sharing and replicating certain types of personal (non-sensitive) files. Sensitive files should not be transmitted to most of these services, especially free services, unless they are encrypted before they are sent.
- Don't use iCloud, Skydrive, Google Drive, Drop Box and other synchronized cloud storage in place of managed backups. (There is big a difference between synchronized copies and managed backups, and there are significant differences in the security offered by various online services.) Mistakes and deletions can be replicated. Errors may happen during replication.
- If you use cloud services for storing sensitive files, make sure they are encrypted before they are transmitted online.
And; do ask NST to advise and help you protect your most valuable data. Please feel free to contact any of NST’s staff if you wish to discuss these methods in greater detail. We’re happy to assist.